Creating a Load Balancer Listener
Create a listener to check for incoming traffic on the load balancer's IP address.
For prerequisite information, see Listeners for Load Balancers.
- Open the navigation menu, click Networking, and then click Load balancers. Click Load balancer. The Load balancers page appears.
- Select the Compartment from the list. All load balancers in that compartment are listed in tabular form.
- Select a State from the list to limit the load balancers displayed to that state.
- Select the load balancer for which you want to create a listener. The load balancer's Details page appears.
- Click Listeners under Resources. The Listeners list appears. All listeners are listed in tabular form.
- Click Create listener. The Create listener dialog box appears.
- Complete the following:
  - Name: Enter a friendly name for the listener. The name must be unique, and can't be changed.
  - Hostname: (Optional) Select up to 16 virtual hostnames for this listener.
    Note: To apply a virtual hostname to a listener, the name must be part of the load balancer's configuration. If the load balancer has no associated hostnames, you can create one on the Hostnames page. See Virtual Hostnames for Load Balancer for more information.
  - Protocol: Specify the protocol to use:
    - HTTPS
    - HTTP
    - HTTP/2
    - gRPC
    - TCP
  - Port: Specify the port on which to listen for incoming traffic.
  - Use SSL: (Required for HTTP/2, HTTPS, and gRPC. Optional for HTTP and TCP) Select to enable. The following settings are required to associate an SSL certificate bundle with the listener to enable SSL handling. See SSL Certificates for Load Balancers for more information on using SSL certificates with load balancers.
    The load balancer automatically detects changes and consumes the current version of the Certificates service entities (certificates, certificate authorities, and CABundles) for use in SSL configuration. See Certificates for more information on automated certificate rotations.
    - Certificate resource: Select the certificate resource type from the list:
      The method of importing the certificate varies depending on the certificate resource type you select.
      - Certificate service managed certificate: Select the certificate in the specified compartment from the Certificate list. Click Change compartment to choose a different compartment from where to select the certificate.
        Advanced options are available with this selection. Click Show advanced options and select the Advanced SSL tab. This option is described later in this topic.
      - Load balancer managed certificate: Select one of these options to import the certificate:
        - Choose SSL certificate file: Drag the certificate file, in PEM format, into the SSL certificate field. You can also select the Paste SSL certificate option to paste a certificate directly into this field. If you submit a self-signed certificate for backend SSL, you must submit the same certificate in the corresponding CA Certificate field.
        - Specify private key: (Required for SSL termination, optional for all else) Select the box to provide a private key for the certificate.
        - Choose private key file: Drag the private key, in PEM format, into the Private key field. You can also select the Paste private key option to paste a private key directly into this field.
        - Enter private key passphrase: (Optional) Specify the private key passphrase.
        - Verify peer certificate: (Optional) Select this option to enable peer certificate verification. See SSL Certificates for Load Balancers for more information. Mutual TLS (mTLS) isn't supported for communication between a load balancer and its backend servers. You can use mTLS for communication between load balancers and users.
        - Verify depth: (Optional) Specify the maximum depth for certificate chain verification. See SSL Certificates for Load Balancers for more information.
    - Enable session resumption: Select to resume the previous encryption session rather than complete a new SSL connection before each request. Enabling session resumption improves performance but provides a lower level of security. Deselect the feature to force a new SSL connection before each request. Disabling session resumption improves security but reduces performance.
  - Backend set: Specify the default backend set to which the listener routes traffic.
  - Idle timeout in seconds: (Optional) Specify the maximum idle time in seconds. This setting applies to the time allowed between two successive receive or two successive send network input/output operations during the HTTP request-response phase. The maximum value is 7200 seconds. For more information, see Load Balancer Timeout Connection Settings.
  - (Optional) Select Proxy Protocol to enable and configure proxy protocol on the load balancer. See Proxy Protocol for more information on this feature. Select which proxy protocol version you want to use:
    - Version 1: Supports a human-readable header (text) format and is typically a single line of a log entry. Use this option for debugging during the early adoption stage when few implementations exist.
    - Version 2: Combines support for the human-readable header from Version 1 with a binary encoding of the header for greater efficiency in producing and parsing. Use this option for IPv6 addresses, which are difficult to generate and parse in ASCII form. Version 2 also better supports custom extensions. By default, PP2 Type Authority is selected as the only Version 2 option available.
  - Select either a Routing policy or a Path route set.
    - Routing policy: (Optional) Specify the name of the routing policy that applies to this listener's traffic.
    - Path route set: (Optional) Specify the name of the set of path-based routing rules that applies to this listener's traffic.
      To apply a path route set to a listener, the path route set must be part of the load balancer's configuration.
      To remove a path route set from an existing listener, select None as the Path Route Set option. The path route set remains available for use by other listeners on this load balancer.
  - Rule sets: (Optional) Select a rule set to apply to this listener's traffic. To apply a rule set to a listener, the set must be part of the load balancer's configuration. To remove a rule set from the list, click the corresponding red box. The rule set remains available for use by other listeners on this load balancer.
- Click Create listener.
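With the Proxy Protocol option enabled, the header the load balancer sends arrives ahead of the application data, so the backend has to parse and strip it first. The following Python parser is an added example, not Oracle's code: it follows the public PROXY protocol specification for the Version 1 text line and the Version 2 binary header, including the PP2 Type Authority TLV. The function names and sample headers are constructed for illustration, and only the PROXY command over TCP is handled.

```python
import ipaddress
import struct
V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # fixed 12-byte Version 2 signature
PP2_TYPE_AUTHORITY = 0x02            # TLV type that carries the authority (host name)

def parse_proxy_header(data: bytes) -> dict:
    """Parse a v1 or v2 header (PROXY command over TCP only) at the start of data."""
    if data.startswith(V2_SIG) and len(data) >= 16:
        return _parse_v2(data)
    if data.startswith(b"PROXY "):
        return _parse_v1(data)
    raise ValueError("no complete PROXY protocol header")

def _parse_v1(data: bytes) -> dict:
    end = data.find(b"\r\n", 0, 107)  # a v1 line is at most 107 bytes with CRLF
    fields = data[:end].decode("ascii").split(" ") if end > 0 else []
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6") or not (fields[4] + fields[5]).isdigit():
        raise ValueError("malformed or unsupported v1 header")
    src, dst = (str(ipaddress.ip_address(a)) for a in fields[2:4])
    sport, dport = (int(p) for p in fields[4:6])
    if max(sport, dport) > 65535:
        raise ValueError("port out of range")
    return {"version": 1, "src": (src, sport), "dst": (dst, dport),
            "authority": None, "consumed": end + 2}

def _parse_v2(data: bytes) -> dict:
    ver_cmd, fam, length = struct.unpack("!BBH", data[12:16])
    alen = {0x11: 4, 0x21: 16}.get(fam)  # TCP over IPv4 / TCP over IPv6
    body = data[16:16 + length]
    if ver_cmd != 0x21 or alen is None or len(body) < length or length < 2 * alen + 4:
        raise ValueError("malformed or unsupported v2 header")
    src, dst = (str(ipaddress.ip_address(body[i:i + alen])) for i in (0, alen))
    sport, dport = struct.unpack("!HH", body[2 * alen:2 * alen + 4])
    authority, pos = None, 2 * alen + 4
    while pos + 3 <= len(body):  # TLVs: 1-byte type, 2-byte length, value
        tlv_type, tlv_len = struct.unpack("!BH", body[pos:pos + 3])
        value = body[pos + 3:pos + 3 + tlv_len]
        if len(value) < tlv_len:
            raise ValueError("truncated TLV")
        if tlv_type == PP2_TYPE_AUTHORITY:
            authority = value.decode("utf-8")
        pos += 3 + tlv_len
    return {"version": 2, "src": (src, sport), "dst": (dst, dport),
            "authority": authority, "consumed": 16 + length}
# Constructed sample headers (documentation addresses, not captured traffic).
SAMPLE_V1 = b"PROXY TCP4 203.0.113.7 10.0.0.5 51234 443\r\nGET / HTTP/1.1\r\n"
_body = (bytes([203, 0, 113, 7, 10, 0, 0, 5]) + struct.pack("!HH", 51234, 443)
         + struct.pack("!BH", PP2_TYPE_AUTHORITY, 15) + b"app.example.com")
SAMPLE_V2 = V2_SIG + struct.pack("!BBH", 0x21, 0x11, len(_body)) + _body + b"payload"
```

Accept this header only on connections that come from the load balancer's own addresses, because any other client that can reach the backend port could send a forged one.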
Use the oci lb listener create command and required parameters to create a listener for a load balancer:
oci lb listener create --name name --default-backend-set-name default_backend_set_name --load-balancer-id load_balancer_id --port port --protocol protocol [OPTIONS]
For a complete list of parameters and values for CLI commands, see the CLI Command Reference.
Run the CreateListener operation to create a listener for a load balancer.